Abstract

Since the introduction at Crypto'05 by Juels and Weis of the protocol HB+, a lightweight protocol secure against active attacks but only in a detection-based model, many works have tried to enhance its security. We propose here a new approach to achieve resistance against Man-in-The-Middle attacks. Our requirements, in terms of extra communications and hardware, are surprisingly low.
1 Introduction

Radio Frequency IDentification (RFID) systems are still a great challenge for research in the field of security and privacy. One main problem is the need for ultra-lightweight cryptographic protocols.

At Crypto'05, HB+, a now famous cryptographic authentication protocol very well suited for low-cost hardware implementation, was introduced by Juels and Weis [9]. It enables tags to identify themselves to the reader. HB+ is presented as an improvement of the Hopper and Blum (HB) authentication scheme [7]. The security of these protocols relies on the hardness of the computational Learning Parity with Noise (LPN) problem [..., 13]. The protocol HB+ is proved secure against active attacks while preserving HB's advantages: mainly, requiring so few resources to run that it can be implemented with only a few gates on an RFID tag. However, at the same time, Gilbert, Robshaw and Sibert [6] describe a Man-in-The-Middle (MiTM) attack on HB+ not covered by the corresponding security model.

Since this attack, various modifications of HB+ have been proposed to increase its security [3, ..., 15, ...]. However, none has yet succeeded in establishing formal security against MiTM attacks.

In this paper, we take a new and very natural approach. We still use the protocol HB+ as an identification scheme, but also as a way to initiate a confidential channel through which the tag is authenticated in a more classical manner in a second phase.

2 HB+ protocol 

Following [7], the security of the HB+ protocol is based on the Learning Parity with Noise (LPN) problem. Note that several algorithms [..., 2, 8] are known to solve this problem and the recent proposals of [5, 13] are among the most efficient.

LPN Problem. Let $A$ be a random $q \times k$ binary matrix, $x$ a random $k$-bit vector, $0 < \eta < 1/2$ a noise parameter and $\nu$ a random $q$-bit vector of weight $\mathrm{wt}_H(\nu) \le \eta q$. Given $A$, $\eta$ and $z = A \cdot x \oplus \nu$, find a $k$-bit vector $x'$ such that $\mathrm{wt}_H(A \cdot x' \oplus z) \le \eta q$.

The HB+ protocol is made of $r$ successive iterations of a round, as described in Fig. 1, where the two $k$-bit vectors $x$ and $y$ are secret keys shared by the Tag and the Reader. The Tag is successfully authenticated if the check fails at most $u \times r$ times for a given threshold $u$. Moreover, the Reader does not need to know a priori which tags and secrets are involved for the protocol to work. Finally, [13] points out that the sizes of $x$ and $a$ may differ from those of $y$ and $b$, as the former only need to be 80 bits long to avoid guessing whereas the latter are the ones on which the LPN hardness relies.

Tag $(x, y)$                                                    Reader $(x, y)$

$\nu \in \{0, 1 \mid \Pr[\nu = 1] = \eta\}$

Random blinding vector $b \in_R \{0,1\}^k$       $\longrightarrow$

                                 $\longleftarrow$       Random challenge $a \in_R \{0,1\}^k$

Compute $z = a \cdot x \oplus b \cdot y \oplus \nu$       $\longrightarrow$       Check if $a \cdot x \oplus b \cdot y = z$

Figure 1: One round of HB+
In [9], Juels and Weis prove that the protocol is secure against passive and active attacks in their security model, thanks to the difficulty of the LPN problem. Unfortunately, their model does not take into account the extra information given by the result (positive or negative) of an authentication, and this is exploited during the attack introduced in [6].

The attack of [6] is a linear-time MiTM attack where an adversary located between the Reader and the Tag is able to corrupt the challenge at every round. The adversary chooses a vector $\delta \in \{0,1\}^k$ and, when a challenge $a$ is sent by the Reader, intercepts the challenge and replaces it by $a \oplus \delta$. Hence, at the end of the round, the Reader receives $z = (a \oplus \delta) \cdot x \oplus b \cdot y \oplus \nu$ from the Tag. This is repeated along almost all the rounds in order to deduce information from the result of the authentication. If the authentication succeeds (resp. fails), we have $\delta \cdot x = 0$ (resp. $\delta \cdot x = 1$) with high probability. So one can recover $x$ "bit after bit" by varying $\delta$ progressively.

The security of HB+ has also been extensively analyzed to extend the protocol to parallel and concurrent executions in [10] and to explore further the large error case ($1/4 < \eta < 1/2$) in [...].

3 Our proposal 

3.1 Preliminary definitions 

In order to resist Man-in-The-Middle attacks, a natural idea is to send a proof of integrity of the different parameters to the Reader. The problem is to find a lightweight algorithm to achieve this. In particular, classical MAC algorithms, obtained from cryptographic block ciphers or cryptographic one-way hash functions, seem too heavy in our case.

Interestingly, we can rely on more traditional hashing techniques following the work of Carter and Wegman [18] and specifically on the very simple construction proposed by Krawczyk [12]. Krawczyk uses in [12] a family $H$ of linear hash functions which map $\{0,1\}^m$ to $\{0,1\}^n$ in a balanced way, following the next definition.

Definition 1 A family $H$ of hash functions is called $\epsilon$-balanced (or $\epsilon$-almost universal) if

$$\forall x \in \{0,1\}^m,\ x \neq 0,\ \forall c \in \{0,1\}^n, \quad \Pr_{h \in H}[h(x) = c] \le \epsilon.$$
Now suppose that the parties share a common key which consists of the choice of a particular function $h \in H$ and a random pad $e$ of length $n$; then the message authentication tag of a message $x$ is computed as $t = h(x) \oplus e$.

Here, an adversary succeeds in breaking the authentication if he finds $x'$ and $t'$ such that $t' = h(x') \oplus e$. Given the simplicity of this construction, it is important that an adversary does not learn which $h$ or $e$ is involved. If $H$ is a family of linear hash functions and if $H$ is $\epsilon$-balanced then, as proved in [12], the probability of success of an adversary is at most $\epsilon$; the scheme is then said to be $\epsilon$-secure. This clearly emphasizes the interest of this construction.

Following the principle of a one-time pad, the same $h$ can be reused but $e$ must be different each time, i.e. the scheme is $\epsilon$-secure against any adversary (unconditionally) only if $e$ is a fresh random pad.

LFSR-based Toeplitz construction. To construct such hash families, an efficient solution is provided in [12]. The author simplifies the multiplication by a boolean matrix by restricting it to specific Toeplitz matrices which can be described by an LFSR. Let the LFSR be represented by its feedback polynomial $P$, an irreducible polynomial over $\mathbb{F}_2$ of degree $n$, and an initial state $s = (s_0, \ldots, s_{n-1}) \neq 0$; then $h_{P,s} \in H$ is defined by the linear combination $h_{P,s}(x) = \bigoplus_{j=0}^{m-1} x_j \cdot S_j$, where $S_j$ is the $j$-th state of the LFSR (i.e. $S_0 = s$).

Following [12], this family $H$ is then $\epsilon$-balanced for some $\epsilon$ (the bound is given in [12]). Moreover, a hash $h_{P,s}$ is easily implemented in hardware, and a second advantage is that the message authentication tag can be computed progressively with an accumulator register which is updated after each message bit: the implementation does not depend on the size $m$ of $x$.

3.2 Description 

We describe here the improved version we propose for HB+ to thwart Man-in-The-Middle attacks.

We now suppose that the Tag and the Reader share a key $(x, y, h)$ with $x \in \{0,1\}^{k_1}$, $y \in \{0,1\}^{k_2}$ and $h \in H$ for $H$ a linear and $\epsilon$-balanced hash family. The beginning stays unchanged: $r$ rounds of the HB+ protocol are executed (see Fig. 1), i.e. for $i$ from $0$ to $r - 1$:

• $b_i \in_R \{0,1\}^{k_2}$ is sent to the Reader;

• $a_i \in_R \{0,1\}^{k_1}$ is sent to the Tag;

• $\nu_i \in \{0, 1 \mid \Pr[\nu_i = 1] = \eta\}$ is taken;

• $z_i = a_i \cdot x \oplus b_i \cdot y \oplus \nu_i$ is sent to the Reader;

• the Reader checks whether $z_i = a_i \cdot x \oplus b_i \cdot y$.

Thereafter, if the number of incorrect checks is lower than the threshold $u \times r$, the Reader waits for a last message to authenticate the Tag. This first phase, corresponding to an execution of the HB+ protocol, is interpreted as a way to recover, among a set of registered secrets $\{(x^j, y^j, h^j)\}_j$, which $(x, y)$ has been used. Once the correct $(x, y)$ is found, the Tag authenticates itself with the associated function $h$.

After the $r$ rounds of this first phase, the second phase is the following.

1. Starting with the noise $\nu = (\nu_0, \ldots, \nu_{r-1})$, the Tag computes $e = E(\nu) \in \{0,1\}^n$ and sends

$$t = h\big((a_0, b_0, z_0, \ldots, a_{r-1}, b_{r-1}, z_{r-1})\big) \oplus e$$

to the Reader, following the principles of [12] recalled in Sec. 3.1.

2. For all $i \in \{0, \ldots, r-1\}$, the Reader recovers $\nu_i = z_i \oplus a_i \cdot x \oplus b_i \cdot y$, computes $e = E(\nu) \in \{0,1\}^n$ and checks the validity of the received tag $t$ with respect to the received words $a_0, b_0, z_0, \ldots, a_{r-1}, b_{r-1}, z_{r-1}$.

Here $E$ maps an $\eta$-biased vector of $\{0,1\}^r$ to a quasi-random vector of $\{0,1\}^n$ (cf. Sec. 3.4) and $h$ is defined over $\{0,1\}^m$ with $m = r \cdot (k_1 + k_2 + 1)$.

If the verification succeeds then the authentication is done. 

Informally, the original HB+ protocol identifies the Tag while at the same time transmitting a pseudo-random pad $e$ to the Reader. This information enables us to construct a final message authentication tag whose aim is to prove the integrity of the communications.

3.3 Security arguments 

First, the protocol is obviously correct as the last verification is straightforward when there is no perturbation of the communications. Secondly, with a good pseudo-random function $E$ the last iteration brings no useful information for solving the LPN problem with secrets $(x, y)$, so it seems to inherit the security of HB+ against passive and active (not MiTM) attacks. Moreover, we have:

Theorem 1 If the message authentication scheme induced by the hash family $H$ is $\epsilon$-secure and if the output of $E$ is random and unknown, then any MiTM adversary has a probability of success of at most $\epsilon$.

Sketch of the proof. Indeed, an adversary has a probability of at most $\epsilon$ of being authenticated with modified communications. Suppose that the Tag has received altered challenges $a'_0, \ldots, a'_{r-1}$ and that the Reader received modified answers $b'_0, \ldots, b'_{r-1}$, $z'_0, \ldots, z'_{r-1}$ and a message authentication tag $t'$. To be valid, $t'$ must be equal to

$$h\big((a'_0, b'_0, z'_0, \ldots, a'_{r-1}, b'_{r-1}, z'_{r-1})\big) \oplus E(\nu')$$

with $\nu'_i = z'_i \oplus a'_i \cdot x \oplus b'_i \cdot y$. If $\nu'$ is unknown to the adversary, then this happens only with probability at most $\epsilon$ thanks to [12]. □

Note that the knowledge of $\nu'$ is conditioned by the difficulty of retrieving $x$ and $y$ from the communications.

3.4 Implementation 

Here we only add one iteration to the $r$ iterations of HB+. Moreover, as mentioned in Sec. 3.1, an LFSR-based Toeplitz hash is easy to embed in hardware circuits. This remains the case even with a large number of rounds: we can take advantage of the construction to compute the last authentication message $t$ progressively, round after round, thanks to an accumulator which is updated bit by bit of the input. Thus the computation cost is low.

The main question remains the function $E$, which must ensure good randomness of its output when fed the biased vector $\nu$ as input.

We might use a randomness extractor to implement $E$. For instance, if we assume that the bits of $\nu$ are independent and identically distributed (as they are in the analysis of LPN solving algorithms such as [13]), the von Neumann procedure [17] outputs a sequence of statistically independent and equiprobable bits. On an input source $(x_1, \ldots, x_N)$ it considers the pairs $(x_{2i+1}, x_{2i+2})$ and outputs $x_{2i+1}$ if the two bits differ, nothing otherwise. For a bias $\eta$, from a source of length $N$, the output has a mean length of $N \cdot \eta(1 - \eta)$.

Example of parameters. Following [13], we choose for the underlying HB+ protocol $\eta = 0.25$, $k_1 = 80$ and $k_2 = 512$ to ensure 80-bit security with respect to the best known algorithm for solving instances of the LPN problem. In this case, with a threshold $u = 0.348$ and $r = 1164$ rounds, the probability of rejecting a genuine tag will be about $2^{-\ldots}$ and the probability of authentication with random guesses will be close to $2^{-\ldots}$.

The size $m = r \cdot (k_1 + k_2 + 1)$ of the final message to authenticate is then sufficiently large and, if we use the von Neumann extractor, it leads to a mean output length of 218 with a standard deviation of about 13. In practice, we restrict ourselves to the first $n$ bits with $n = 101$. With an LFSR-based Toeplitz hash family of [15], this enables us to achieve an $\epsilon$-secure message authentication algorithm with $\epsilon < 2^{-\ldots}$. Note that the probability of extracting fewer than 101 bits in this situation is lower than $2^{-\ldots}$, so it is unlikely to happen (if it happens, the authentication process could restart).
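As an added check, not part of the paper, the following Python computes for the parameters just quoted the two error probabilities of the HB+ phase (a genuine Tag failing more than $u \times r$ checks, random answers failing at most $u \times r$ checks) as exact binomial tails in the log domain, together with the mean von Neumann output length $r \cdot \eta(1 - \eta)$. The assumption, as in the paper's own analysis, is that the round errors are independent with probability $\eta$ for a genuine Tag and $1/2$ for random answers.

```python
import math

# Parameters quoted in the paper's example (eta = 0.25, u = 0.348, r = 1164, n = 101).
ETA, U, R, N = 0.25, 0.348, 1164, 101

def log2_binom_pmf(n, k, p):
    """log2 of P[Bin(n, p) = k], computed through lgamma so that tiny values do not underflow."""
    log_c = math.lgamma(n + 1) - math.lgamma(k + 1) - math.lgamma(n - k + 1)
    return (log_c + k * math.log(p) + (n - k) * math.log(1 - p)) / math.log(2)

def log2_binom_range(n, p, lo, hi):
    """log2 of P[lo <= Bin(n, p) <= hi], summed with the log-sum-exp trick."""
    terms = [log2_binom_pmf(n, k, p) for k in range(lo, hi + 1)]
    top = max(terms)
    return top + math.log2(sum(2.0 ** (t - top) for t in terms))

def false_reject_log2(eta=ETA, u=U, r=R):
    """A genuine Tag is rejected when more than u*r of its r answers fail the check (each with prob. eta)."""
    return log2_binom_range(r, eta, math.floor(u * r) + 1, r)

def false_accept_log2(u=U, r=R):
    """Random answers pass each round check with prob. 1/2 and are accepted if at most u*r of them fail."""
    return log2_binom_range(r, 0.5, 0, math.floor(u * r))

def extractor_mean_length(eta=ETA, r=R):
    """Mean output length of the von Neumann extractor on r eta-biased bits: r * eta * (1 - eta)."""
    return r * eta * (1 - eta)

if __name__ == "__main__":
    print(f"log2 P[reject genuine tag]     = {false_reject_log2():.1f}")
    print(f"log2 P[accept random guesses]  = {false_accept_log2():.1f}")
    print(f"mean extractor output length   = {extractor_mean_length():.2f} (n = {N})")
```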

4 Conclusion 

Traditional remedies to the MiTM problems of HB+ work fine. The addition of a cryptographic check of the communications prevents an adversary from modifying the exchanges between a Tag and its Reader. The reuse of the techniques of Krawczyk [12] for enforcing integrity is decisive here, as it enables us to propose a solution which is still suitable for low-cost Tags.